How do VLANs work with telnet?

ams1234

http://orbit-computer-solutions.com/images/intervlanrouting.png

In this image, I want to telnet from PC 1 to the switch.
I'm thinking I need to:
* Create a management VLAN on the switch, say VLAN 99 and give it a management IP of 192.168.5.1/24 (SVI)
* Have a sub-interface on the router with IP 192.168.5.254

When I telnet from 192.168.1.4 to 192.168.5.1 does the packet go through the router because they are on different subnets? And would I need the "ip default-gateway" command on the switch?

Additionally, if there were many hops between PC 1 and the router, how is the SYN packet transferred across? If there are 10 hops in between, is the SYN bit set for every hop, same TCP seq number? And when the router sends back a SYN-ACK the TCP seq number should increment and every hop back receives this?

Thanks.
 

kevnich2

If you want to telnet to the switch, you need to telnet to whatever IP the switch is assigned. You could technically have a management VLAN but it's not required. I don't see 192.168.5. anything in your pic so not sure where that's at. As for your last question, if you access ANYTHING on a different subnet, it will go through whatever your default gateway is set to on your local computer or NIC.

Remember, a VLAN operates at layer 2, that's it. To telnet, you're involving layer 3, so make sure all your routing and ACLs are working. Try pinging the switch IP first to make sure ICMP works before trying telnet.
 

mv2devnull

First, is telnet the only option on the switch? Doesn't it support ssh or https? The issue with telnet is that it uses unencrypted communication, including cleartext passwords. Telnet is not safe.

If you have a device X on subnet A and it is contacted by a device Y that is on subnet B, i.e. not on A, then the replies sent by X have destination B.y and thus X does need a route to B.

It does depend on the switch what kind of routes to configure.
One could be restrictive: "to 192.168.1.4 via 192.168.5.254"
or a bit more open: "to 192.168.1.0/24 via 192.168.5.254"
or "all that is not 192.168.5.0/24 via 192.168.5.254" aka default route

Alternatively, the router could use NAT to rewrite source address on packets sent to 192.168.5.1 as "192.168.5.254" in which case the switch would not need to connect outside of subnet A (192.168.5.0/24) at all.


But why create a VLAN between switch and router? Why don't you add VLAN 99 to PC1? Trunk the connection between PC1 and the switch. Then PC1 (and only PC1) can manage the switch (via VLAN 99) and talk to others (and outside via router) on the 192.168.1.0/24 via the other VLAN.
 

her209

Traffic will go from PC to switch Fa0/8 to router Fa0/0 and back to switch Fa/03.

You'll need ip default-gateway.

TTL counter is decremented for SYN packet just like all other IP packets. SYN, ACK, SYN-ACK, TCP sequence #. That's all layer 4. Routers don't examine layer 4.
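
An added example, not written by any poster in this thread: it models the switch's reply-path lookup for the three route choices listed above (host route, subnet route, default route) and shows which sources could get a SYN-ACK back from 192.168.5.1. The sources 192.168.1.7 and 10.0.0.5 and all function names are assumptions made for illustration.

```python
import ipaddress

SWITCH_NET = "192.168.5.0/24"   # VLAN 99 subnet holding the SVI 192.168.5.1
GATEWAY = "192.168.5.254"       # router sub-interface from the question

# The three route choices listed in the thread, plus "no route at all".
ROUTE_OPTIONS = {
    "no route": [],
    "host route": [("192.168.1.4/32", GATEWAY)],
    "subnet route": [("192.168.1.0/24", GATEWAY)],
    "default route": [("0.0.0.0/0", GATEWAY)],
}

# Sources that might send a SYN to the switch. Only 192.168.1.4 is from the
# thread; the other two are constructed for comparison.
SOURCES = ["192.168.1.4", "192.168.1.7", "10.0.0.5"]


def next_hop(dst, connected, routes):
    """Longest-prefix match: 'on-link', a gateway IP, or None (reply dropped)."""
    addr = ipaddress.ip_address(dst)
    table = [(ipaddress.ip_network(connected), "on-link")]
    table += [(ipaddress.ip_network(prefix), gw) for prefix, gw in routes]
    matches = [(net.prefixlen, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def answerable(option):
    """Sources whose SYN the switch could answer with a SYN-ACK."""
    routes = ROUTE_OPTIONS[option]
    return [s for s in SOURCES if next_hop(s, SWITCH_NET, routes) is not None]


if __name__ == "__main__":
    for option in ROUTE_OPTIONS:
        print(f"{option:13} -> switch can reply to {answerable(option)}")
```

With no route the SYN from 192.168.1.4 still reaches the switch, but the reply has nowhere to go, so the session never opens; the narrower the route, the fewer off-subnet sources the management interface can answer.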